Malcolm: The state of static analysis in the GCC 12 compiler

Syndicated from the original: https://lwn.net/Articles/891062/

David Malcolm has posted an update on the state of static analysis in GCC 12.

Some other languages, such as Perl, can track input and flag any
variable that should not be trusted because it was read from an
outside source such as a web form. Flagging variables in this
manner is called tainting. After a program runs the variable
through a check, the variable can be untainted, a process called
sanitization.

Our GCC analyzer’s taint mode is activated by
-fanalyzer-checker=taint (which should be specified in
addition to -fanalyzer). Taint mode attempts to track
attacker-controlled values entering the program and to warn if they
are used without sanitization.
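The sink that taint mode reports most often is an attacker-controlled array index. The following C is an added example, not code from Malcolm's post or from GCC itself. It uses the GCC 12 `tainted_args` function attribute, which tells the analyzer to treat every argument of the marked function as attacker-controlled; the compile command, the expected `-Wanalyzer-tainted-array-index` diagnostic for the unchecked function, and the claim that the two comparisons in the checked function count as sanitization are the assumptions it rests on. The names `lookup_unchecked`, `lookup_checked`, `handle_request` and the sample message bytes are constructed for the example.

```c
/* Added example: a tainted array index beside its sanitized form.
 * Not from the LWN article, Malcolm's post, or the GCC sources.
 *
 * Build with the analyzer (GCC 12, assumed command line):
 *   gcc -fanalyzer -fanalyzer-checker=taint -c taint_demo.c
 * Expected: a -Wanalyzer-tainted-array-index warning on the return in
 * lookup_unchecked(); lookup_checked() bounds-checks first, so it is silent.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* tainted_args is a GCC 12 function attribute: the analyzer treats every
 * argument of the function as attacker-controlled.  Other compilers would
 * warn about an unknown attribute, so it is defined only for GCC >= 12. */
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 12
#define TAINTED_ARGS __attribute__((tainted_args))
#else
#define TAINTED_ARGS
#endif

#define TABLE_LEN 8
static const int32_t table[TABLE_LEN] = { 10, 11, 12, 13, 14, 15, 16, 17 };

/* Vulnerable: idx arrives straight from the outside (think of a syscall
 * argument or a request field) and is used as an index with no check.
 * This is the pattern taint mode flags. */
TAINTED_ARGS
int32_t lookup_unchecked(int idx)
{
    return table[idx];          /* tainted value used as array index */
}

/* Sanitized: the comparison against TABLE_LEN gives the analyzer an upper
 * bound and the comparison against 0 a lower bound, so the value is no
 * longer tainted when it reaches the index.  With a signed index both
 * checks are needed; an upper-bound check alone still admits negatives. */
TAINTED_ARGS
int32_t lookup_checked(int idx)
{
    if (idx < 0 || idx >= TABLE_LEN)
        return -1;              /* out-of-range input is rejected */
    return table[idx];
}

/* A caller that feeds an attacker-controlled byte sequence into the lookup:
 * the index is the first two bytes of the message, little-endian.
 * Message layout is constructed for this example. */
int32_t handle_request(const unsigned char *msg, size_t len)
{
    if (len < 2)
        return -1;              /* truncated message */
    int idx = msg[0] | (msg[1] << 8);
    return lookup_checked(idx);
}

int main(void)
{
    /* Constructed sample messages: one in range, one far out of range. */
    const unsigned char good[] = { 0x03, 0x00 };
    const unsigned char bad[]  = { 0xff, 0xff };
    printf("good -> %d\n", handle_request(good, sizeof good));
    printf("bad  -> %d\n", handle_request(bad, sizeof bad));
    return 0;
}
```

Run the analyzer over this file and compare the two functions: the warning names the unchecked index and the path by which the tainted argument reached it, while the checked version produces nothing because both bounds were established on the value before the lookup. Removing the `idx < 0` test is a quick way to see that an upper-bound check on a signed value is not, by itself, treated as sanitization.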